HBGary was unique in that it had corporate backing and the anticipation of large revenue streams. I read most of the 70,000 emails that were released and wrote a short white paper on the company’s schemes, which was circulated on Capitol Hill. Having written that paper I had a detailed view of the technologies they were going to integrate, and I’ve experimented with all of them.
They had picked the machine data indexing platform Splunk to serve as the back end for their social network analysis. The company was not complicit in their schemes; it had just been picked as the right thing to use, which isn’t surprising given its best-of-breed status.
One of the big issues for Splunk when working with individuals or small groups is the incredibly steep learning curve for the system. Last week I noticed an email from Packt offering e-books for reviewers, and the very next day I had a copy of Betsy Page Sigman’s Splunk Essentials.
Splunk Essentials solves the learning curve problem by providing seven chapters that introduce key features. Each largely stands on its own and the last two chapters really shine, as they involve live data sources from the real world.
- Introducing Splunk
- Indexing & Searching
- Advanced Search
- Twitter Application
- Monitoring & Alerts
The first five chapter names are self-explanatory. Chapter six does cover importing streaming data from Twitter, but it’s used to create a variety of Dashboards, the Splunk name for graphical summaries. Monitoring & Alerts does cover those functions, but it introduces how to do this in the context of monitoring Splunk’s performance itself, a neat exposition of an important topic I’ve not seen addressed in any other book, and one that provides a ready live experiment for an IT staffer tasked with evaluating Splunk.
One of the best features of this book is the attention to providing good datasets for examples. There is a Splunk tutorial dataset, which everyone uses, but the author provided two additional sources.
The Twitter/dashboard chapter provides a detailed explanation of how to make Splunk talk to Twitter via OAuth, going in depth in a way which I’ve not seen anywhere else. This is not so much about Twitter as it is about what to expect when working with Splunk’s massive library of applications.
As I noted above, Chapter 7 involves monitoring and alerting, with a focus on the Splunk system itself. This is a gem of a chapter – instead of compelling the datacenter guy evaluating Splunk to use some test dataset he’ll never see again, it gets him busy with the system itself. Kudos to Sigman for working this into an introductory text.
I see two common career scenarios where this book would be a good fit:
This is a good move for IT staff at any point in their career who want to level up in the monitoring area by learning the acknowledged leader in the sector. Work through one chapter a night for a week straight and you will feel comfortable sitting down in front of the system that’s going to be replacing your existing syslog.
The path this book offers is simple enough that a business analyst facing a need to work within a corporate Splunk rollout could easily set up a system at home in order to get familiar without the pressure of live work data and deadlines.
As for me, I read it once, reviewer style, moving quickly since I already know the topic. Next week I’ll make another pass, and this time I’ll do the exercises, too.